Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/82624c93-a718-4b6c-b8d0-1502172fc711.roa
File:                     82624c93-a718-4b6c-b8d0-1502172fc711.roa (raw, json)
Hash identifier:          oRZugwnWf4r23flMx9/q4yquFl1i+YhSg8GvdS3wcX8=
Subject key identifier:   41:83:B2:23:95:91:D9:DE:2B:71:86:62:A7:3F:38:75:13:47:CC:D5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       28D5B41B853DD82E9A46E14FF8C7BC57ADEFA5A7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/82624c93-a718-4b6c-b8d0-1502172fc711.roa
Signing time:             Tue 04 Feb 2025 00:00:00 +0000
ROA not before:           Tue 04 Feb 2025 00:00:00 +0000
ROA not after:            Tue 11 Mar 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f61:8060::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Feb 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:d5:b4:1b:85:3d:d8:2e:9a:46:e1:4f:f8:c7:bc:57:ad:ef:a5:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb  4 00:00:00 2025 GMT
            Not After : Mar 11 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:55:25:57:29:56:3b:10:40:2a:8a:1b:ed:58:
                    8e:42:ff:53:2b:e7:d4:cd:15:8f:dd:7b:d0:5b:3a:
                    ae:00:5f:a5:da:b9:f7:67:3c:71:61:a4:c1:0d:7a:
                    9e:b1:8b:e5:0e:c0:7d:53:9f:75:52:f3:98:29:7b:
                    93:f4:31:c7:ef:8a:5a:a9:5e:ea:bc:14:4c:65:80:
                    1e:4f:1f:62:c1:ea:a2:88:a3:5b:61:59:dc:5f:c6:
                    e3:17:86:f4:6b:b2:6b:9a:f8:de:11:7b:c8:09:ac:
                    27:cc:64:08:b8:e1:32:b8:2a:8c:62:56:7c:7c:21:
                    1a:ec:41:04:07:45:ac:57:23:99:08:ff:db:b5:58:
                    20:b6:ae:12:b8:a4:c3:ae:34:53:e8:de:00:6e:3a:
                    28:24:37:75:f5:0d:a1:d8:15:a9:c8:d0:20:01:a4:
                    c8:fe:c7:08:72:64:41:80:04:d7:0c:ea:e2:bb:a9:
                    7a:32:24:00:59:ad:fc:a8:a2:e7:b0:bd:cf:69:9a:
                    8e:47:39:51:a1:09:95:6c:84:6f:63:94:5f:2c:84:
                    02:b8:d7:5a:10:1a:11:ae:c2:36:0c:38:f5:7a:ff:
                    bd:f8:e1:27:d1:10:74:4f:78:0a:b3:6c:82:07:7a:
                    62:9a:71:16:77:58:92:87:3e:1b:b0:56:92:13:66:
                    63:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:83:B2:23:95:91:D9:DE:2B:71:86:62:A7:3F:38:75:13:47:CC:D5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/82624c93-a718-4b6c-b8d0-1502172fc711.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f61:8060::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:34:40:7f:df:d3:09:13:6d:38:f0:53:72:88:a7:a5:44:ad:
         ee:bb:44:fc:87:c6:2c:19:36:af:b9:d4:fe:d4:30:7e:7e:fa:
         81:2f:a4:aa:ae:61:44:16:b7:b1:e7:d4:71:95:3a:a8:e2:56:
         b0:b9:a4:c8:81:8e:66:d3:4b:68:37:57:cc:a7:2d:24:29:3b:
         41:b8:ca:2e:0d:68:71:c4:69:d3:a1:cb:7b:73:fe:cc:3a:8b:
         a6:28:84:4f:4f:ee:87:db:61:82:06:61:84:b1:f1:b5:7f:e2:
         b3:af:99:70:c0:33:09:28:8e:b1:88:19:5c:e7:08:b5:58:12:
         a4:29:c1:9d:ad:64:f8:41:c0:14:8a:48:59:e9:31:80:27:79:
         fe:df:3f:84:62:33:7d:0e:5a:be:23:8d:74:00:26:21:af:2b:
         27:c7:3c:af:35:df:20:14:81:67:71:26:6a:26:11:31:3a:e9:
         24:a0:fe:8d:e1:8c:86:dc:32:9b:cb:3c:07:e7:ba:cf:e4:a2:
         0d:6b:e9:34:cd:fd:a0:98:49:d4:3d:b9:cc:f3:bc:9a:ce:02:
         7e:2b:c0:ef:ed:c5:f2:ed:bd:9a:9d:f9:30:03:48:52:19:e6:
         61:08:b3:02:67:0d:af:05:05:31:f3:b0:de:ae:9f:5a:c2:2d:
         0c:7e:2c:59
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUKNW0G4U92C6aRuFP+Me8V63vpacwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMjA0MDAwMDAwWhcNMjUwMzExMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MDIxNmM4NTJjOTY0ZjAwMmYyZDAxYmJhODdlOTU2NjQ3
MjI2NzQ0ODhjMGM4MDIzYTliMWEwY2NlYWY0ZTQ2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdVSVXKVY7EEAqihvtWI5C/1Mr59TNFY/de9BbOq4AX6Xa
ufdnPHFhpMENep6xi+UOwH1Tn3VS85gpe5P0McfvilqpXuq8FExlgB5PH2LB6qKI
o1thWdxfxuMXhvRrsmua+N4Re8gJrCfMZAi44TK4KoxiVnx8IRrsQQQHRaxXI5kI
/9u1WCC2rhK4pMOuNFPo3gBuOigkN3X1DaHYFanI0CABpMj+xwhyZEGABNcM6uK7
qXoyJABZrfyoouewvc9pmo5HOVGhCZVshG9jlF8shAK411oQGhGuwjYMOPV6/734
4SfREHRPeAqzbIIHemKacRZ3WJKHPhuwVpITZmOtAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUQYOyI5WR2d4rcYZipz84dRNHzNUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgyNjI0YzkzLWE3MTgtNGI2Yy1iOGQwLTE1MDIxNzJmYzcxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB9hgGAwDQYJKoZIhvcNAQELBQADggEBAGg0QH/f0wkTbTjwU3KIp6VE
re67RPyHxiwZNq+51P7UMH5++oEvpKquYUQWt7Hn1HGVOqjiVrC5pMiBjmbTS2g3
V8ynLSQpO0G4yi4NaHHEadOhy3tz/sw6i6YohE9P7ofbYYIGYYSx8bV/4rOvmXDA
MwkojrGIGVznCLVYEqQpwZ2tZPhBwBSKSFnpMYAnef7fP4RiM30OWr4jjXQAJiGv
KyfHPK813yAUgWdxJmomETE66SSg/o3hjIbcMpvLPAfnus/kog1r6TTN/aCYSdQ9
uczzvJrOAn4rwO/txfLtvZqd+TADSFIZ5mEIswJnDa8FBTHzsN6un1rCLQx+LFk=
-----END CERTIFICATE-----